Introduction 


Social learning theory fully agrees with this title, according to this theory crime 
is the result of learned social behaviour. We always discuss the technical side 
of cyber security and tend to forget the psychological and morale drive. 


A study conducted by Danube University suggested that cybercriminals 
mindset is identical to that of a burglars or pickpockets, with the main 
difference between the two crimes being that cyber identity theft costs victims 
over $50 billion dollars a year and can destroy people’s lives. 


Motives and Intensions 


The moment we stop observing cyber security as a product and recognise that 
it is driven by crime, justified by motive and intention. 

We start understanding that there is no destination when it comes to Cyber 
security . It’s not an add-on product, but a mindset that starts within the 
organisation’s culture and ends in refining good cyber hygiene habits of all its 
users. 

One of the main ingredients for a successful Cyber security strategy, is 
understanding the difference between a motive and an intention. 

The intention is what it’s gonna be, what is it that they intend to do because of 
their motives. 

Since motive and intension is what really differentiate between a cybercriminal 
and cyberterrorist. 
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The Flock Mentality 


The lone wolf theory of cybercriminals has been largely debunked many years 
ago, more than 50% of cybercrime gangs are made up of six or more people, 
76% of whom are men with an average age of 35.1) 

They operate in a very businesslike orientation, where each has their role to 
play, with a ring leader that will have the final say. 

According to a comprehensive study on cybercriminals launched in 2018 by 
Hyslip and Holt. The basic demographics shows that 88% were male, 63% 
white, while 68.6% were single.(4) 


Cybercriminal groups assess the risks of the action they are about to commit 
and decide whether or not it’s worthwhile. 

The triage phase that most ransomware gang’s conducts, will determine the 
maximum ransom potentials and the most effective method considering many 
factors such as business geographical location, industry, and business size. Ina 
way, this is what Big Game Hunting in Cyber security is all about. 


Booters are the underground cyber enterprise that facilitate hacking tools and 
resources to other cybercriminal groups and individuals, they are one of the 
main reasons cybercrimes are on the rise. 

According to Hyslip and Holt 2018 research, they found that 89% of the 
cybercriminals interviewed had purchased services from one or more of these 
Booter. And they’re largely satisfied customers, with 74% reporting that the 
services they purchased worked as advertised. (4) 
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These two images exhibit a sample of different groups from different 


geographical areas, with different motives and intentions. It is the Alice in 
wonderland rabbit hole of the cybercrime world. 


Relation between Eastern Groups 
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Relation between Western Groups 
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Don’t think outside the box , destroy the box 


The type of cybercriminals we are discussing here are the smart kind. Although 
their criminal lifestyle choices aren’t smart. Nevertheless, their technical 
abilities are undeniably second to none. 


The Hackers Profiling Project (HPP) started in 2004 by UNICRI answers many of 
our questions. The HPP identified 9 main categories: Lamer, Script Kiddie, 
Cracker, Ethical Hacker, Quiet/Paranoid/Skilled Hacker (QPS), Cyber-warrior, 
Industrial Soy, Government Agent, Military Agent. 


Since our discussion is regarding crackers more than any other category, we 
will unpack this one. 

The term “cracker” was created around the beginning of the ‘90s, when the 
hacker community wanted to somehow differentiate the malicious (or lame) 
actions highlighted by the media, from the serious hacker research done by 
many underground groups such as CCC, LOpht, THC and so on. 


Generally speaking, crackers have good technical skills, which allow them to 
pursue their purposes; in the last years, nevertheless, due to the different 
players in the cybercrime arena (particularly when referring to skimming and 
phishing activities), we have also found crackers with poor or average technical 
background and field skills. Note that they are different from the so called 
“software crackers” who crack software protection to reproduce it illegally.(3) 


To be able to build your cyber defences and controls, first you must be able to 
think like the perpetrators, understand their mindset, drives and motivations. 
Are they hacktivists motivated by a cause, or cybercriminals who are motivated 


by financial gains, or simply an insider threat driven by hate and revenge. 
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That’s why | always advise to use the Attack Centric Strategy, which focuses on 
lowering the attackers ROI by increasing time, effort and cost associated to any 
cyber-attack. Understanding tactic, techniques, and procedures and how 
cybercriminals operate. Planning your defences accordingly is a great and more 
effective approach. 


The cyber defence imagination should not be contained within a thinking box. 
You need to use the Tenth Man Rule or what is called the Devil’s Advocate 
“\fcha Mistabra”. 

Based on the argumentative theory of reasoning, the rule dictates that when 
nine people agree that a strategy is correct, it is the tenth man’s duty to act as 
devil’s advocate and disagree, no matter how absurd it may be to do so. This 
way, all possibilities will be covered. 


Where to Next 


We asked the what and why, and now where next. 

The increase in cybercrimes between 2021 and 2022 was around 42%. 

2021 was one of the costliest years in terms of data breaches through phishing 
attacks in the last 17 years. Globally cybercrime damage costs $190,000 per 
second.(3) 


2024 will be the year of transitions on so many levels, economics, social, 
culture and political. And cyber security is not immune to that. Ransomware 
groups are all competing on the same portion of the market. 


You got to determine your own organisations risk appetite and identify the 
major business risks coming from cyber threat and vulnerability exposure. 

This CANNOT be generic, assets identification and knowing your threats and 
risks applied to your organisation, industry, and geographical location is key for 
its success. What works for Org A doesn’t necessarily work for Org B. 
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Cyber security is about enabling new ventures and ideas, and not being the 

reason to stop them. Creating better controls that assemble the freedom of 

creation and creativity, which is what the Cyber security vision, mission, and 
imperatives of any successful CISO should be. 


There will be around 56 major elections held globally in 2024, so it willbe a 
bumpy ride. Already seeing with the election in Pakistan, where they suspend 
telecommunications and mobile internet services on an election day. 


1- bbva.com - inside-the-mind-of-a-cybercriminal 

2- researchgate.net - Defining-the-Profile-of-Potential-Cyber-Criminals 
3- unicri.it/news/article/0811-4 hackers 

4- getastra.com - security-audit/cyber-crime-statistics 
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